From d2cc38cfddfe3ba8a028f071078c0015be64f51d Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Fri, 3 Sep 2021 12:56:39 +0200
Subject: Adding remaining configuration options for dehydrated preseeding.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 debian/open-infrastructure-dehydrated-tools.config | 27 +++++++++++
 .../open-infrastructure-dehydrated-tools.postinst  | 52 ++++++++++++++++++++++
 .../open-infrastructure-dehydrated-tools.templates | 24 ++++++++++
 3 files changed, 103 insertions(+)

diff --git a/debian/open-infrastructure-dehydrated-tools.config b/debian/open-infrastructure-dehydrated-tools.config
index e795e68..28c38ed 100644
--- a/debian/open-infrastructure-dehydrated-tools.config
+++ b/debian/open-infrastructure-dehydrated-tools.config
@@ -21,6 +21,15 @@ db_settitle open-infrastructure-dehydrated-tools/title
 db_input low open-infrastructure-dehydrated-tools/ca || true
 db_go
 
+if [ -n "${AUTO_CLEANUP}" ]
+then
+	db_set open-infrastructure-dehydrated-tools/auto-cleanup "${AUTO_CLEANUP}"
+fi
+
+db_settitle open-infrastructure-dehydrated-tools/title
+db_input low open-infrastructure-dehydrated-tools/auto-cleanup || true
+db_go
+
 if [ -n "${CHALLENGETYPE}" ]
 then
 	db_set open-infrastructure-dehydrated-tools/challengetype "${CHALLENGETYPE}"
@@ -60,4 +69,22 @@ then
 	db_go
 fi
 
+if [ -n "${OCSP_FETCH}" ]
+then
+	db_set open-infrastructure-dehydrated-tools/ocsp-fetch "${OCSP_FETCH}"
+fi
+
+db_settitle open-infrastructure-dehydrated-tools/title
+db_input low open-infrastructure-dehydrated-tools/ocsp-fetch || true
+db_go
+
+if [ -n "${OCSP_MUST_STAPLE}" ]
+then
+	db_set open-infrastructure-dehydrated-tools/ocsp-must-staple "${OCSP_MUST_STAPLE}"
+fi
+
+db_settitle open-infrastructure-dehydrated-tools/title
+db_input low open-infrastructure-dehydrated-tools/ocsp-must-staple || true
+db_go
+
 db_stop
diff --git a/debian/open-infrastructure-dehydrated-tools.postinst b/debian/open-infrastructure-dehydrated-tools.postinst
index e7e5ce5..5734044 100755
--- a/debian/open-infrastructure-dehydrated-tools.postinst
+++ b/debian/open-infrastructure-dehydrated-tools.postinst
@@ -86,6 +86,9 @@ case "${1}" in
 		db_get open-infrastructure-dehydrated-tools/ca
 		CA="${RET}" # select
 
+		db_get open-infrastructure-dehydrated-tools/auto-cleanup
+		AUTO_CLEANUP="${RET}" # boolean
+
 		db_get open-infrastructure-dehydrated-tools/challengetype
 		CHALLENGETYPE="${RET}" # select
 
@@ -101,11 +104,60 @@ case "${1}" in
 		db_get open-infrastructure-dehydrated-tools/register
 		REGISTER="${RET}" # boolean
 
+		db_get open-infrastructure-dehydrated-tools/ocsp-fetch
+		OCSP_FETCH="${RET}" # boolean
+
+		db_get open-infrastructure-dehydrated-tools/ocsp-must-staple
+		OCSP_MUST_STAPLE="${RET}" # boolean
+
 		db_stop
 
+		case "${AUTO_CLEANUP}" in
+			true)
+				AUTO_CLEANUP="yes"
+				;;
+
+			false)
+				AUTO_CLEANUP="no"
+				;;
+		esac
+
+		case "${REGISTER}" in
+			true)
+				REGISTER="yes"
+				;;
+
+			false)
+				REGISTER="no"
+				;;
+		esac
+
+		case "${OCSP_FETCH}" in
+			true)
+				OCSP_FETCH="yes"
+				;;
+
+			false)
+				OCSP_FETCH="no"
+				;;
+		esac
+
+		case "${OCSP_MUST_STAPLE}" in
+			true)
+				OCSP_MUST_STAPLE="yes"
+				;;
+
+			false)
+				OCSP_MUST_STAPLE="no"
+				;;
+		esac
+
 		Config /etc/dehydrated/conf.d/ca.sh CA ${CA}
+		Config /etc/dehydrated/conf.d/cleanup.sh AUTO_CLEANUP ${AUTO_CLEANUP}
 		Config /etc/dehydrated/conf.d/challenge.sh CHALLENGETYPE ${CHALLENGETYPE}
 		Config /etc/dehydrated/conf.d/contact.sh CONTACT_EMAIL ${CONTACT_EMAIL}
+		Config /etc/dehydrated/conf.d/ocsp.sh OCSP_FETCH ${OCSP_FETCH}
+		Config /etc/dehydrated/conf.d/ocsp.sh OCSP_MUST_STAPLE ${OCSP_MUST_STAPLE}
 
 		for HOOK in $(cd /usr/share/dehydrated/hooks && find -maxdepth 1 -not -type d -printf '%P\n' | sort)
 		do
diff --git a/debian/open-infrastructure-dehydrated-tools.templates b/debian/open-infrastructure-dehydrated-tools.templates
index 7f14cb9..e074de6 100644
--- a/debian/open-infrastructure-dehydrated-tools.templates
+++ b/debian/open-infrastructure-dehydrated-tools.templates
@@ -11,6 +11,14 @@ Description: dehydrated Certificate Authority (CA):
  .
  If unsure, use letsencrypt (default).
 
+Template: open-infrastructure-dehydrated-tools/auto-clean
+Type: boolean
+Default: no
+Description: dehydrated auto clean:
+ Please select the Certificate Authority to use with dehydrated.
+ .
+ If unsure, use letsencrypt (default).
+
 Template: open-infrastructure-dehydrated-tools/challengetype
 Type: select
 Choices: dns-01, http-01
@@ -49,3 +57,19 @@ Default: false
 Description: dehydrated register:
  Should a 'dehydrated --register --accept-terms' be executed now to create
  an account for this system with your CA.
+
+Template: open-infrastructure-dehydrated-tools/ocsp-fetch
+Type: boolean
+Default: false
+Description: dehydrated OCSP fetch:
+ Should dehydrated automatically fetch the OCSP signature?
+ .
+ If unsure, use 'no' (default).
+
+Template: open-infrastructure-dehydrated-tools/ocsp-must-staple
+Type: boolean
+Default: false
+Description: dehydrated OCSP must staple:
+ Should dehydrated request certificates that must use OCSP stapling?
+ .
+ If unsure, use 'no' (default).
-- 
cgit v1.2.3